Hillstone Networks

RULE（RULE ID：331396）

Rule General Information


Release Date:		2020-11-09

Rule Name:		Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2020-10204)

Severity:

CVE ID:

Rule Protection Details


Description:		Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

Impact:		An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Linux, Others

Reference:		https://support.sonatype.com/hc/en-us/articles/360044356194

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://support.sonatype.com/hc/en-us/articles/360044356194-CVE-2020-10204-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31